We are proud to announce that we have now released a new version of
My F-Secure with an upgraded dashboard view that
allows you to see all your F-Secure TOTAL apps conveniently in one place.
From the dashboard, you can:
Install your TOTAL apps
and see your security status at a glance,
Manage your apps and
upgrade your subscription and licenses more effectively, and
Easily access our
different Support services directly from
My F-Secure via
F-Secure Help.
To access the dashboard:
Log into your
My F-Secure account.
Select
TOTAL apps in the top bar, and the dashboard
comes into view.
To exit the view, select
TOTAL apps in the top bar or click on the My
F-Secure background, and the dashboard disappears from view.
... View more

Products affected: PSB Computer Protection versions 18.17 and later Problem: The number of missing software updates reported by the Software Updater (SWUP)-component in the clients does not match the updates available for installtion through the PSB portal. The portal shows a higher number of updates missing than what are available for installation. This is due to the client using a newer version of the SWUP-component that covers a larger amount of software. Visible effects: Devices in the PSB portal report that a number of updates are missing, and when trying to assign updates for installation only a smaller amount are availabe. This leaves the client in a state where it is constantly marked as missing software security updates. Workaround: The client uses its newer database to install security updates automatically. Automatic installation of All/Important/Critical security updates should be enabled by the PSB administrator in the Computer Protection profile settings to ensure that all available security updates get installed. ETA: Currently unknown; the issue is under investigation. Internal reference: CSBP-16709
... View more

F-Secure Endpoint Proxy, also referred to as Policy Manager Proxy
(PMP) is provided by F-Secure to minimize the bandwidth usage while downloading
updates to Computer Protection clients. This proxy caches GUTS2 updates -- the
malware signature database. If the PMP is not available, Computer Protection
clients automatically fall back to accessing GUTS2 directly.
In this article, we explain how to configure the Policy Manager Proxy
and use it with Computer Protection profiles.
Download and install the latest version of
F-Secure Policy Manager Proxy:
For
Windows
Download the
installer
here.
When asked for the
Proxy Manager Server address, use
0.0.0.0
For Linux
Download the
installer
here.
Note: Before installing Policy Manager proxy, install the
libstdc++ package by running these
commands:
yum install libstdc++.i686
yum install libstdc++.x86_64
Configure the proxy:
Use the
command:
/opt/f-secure/fspms/bin/fspms-config .
When prompted,
provide the server address as
0.0.0.0
Manage F-Secure
Policy Manager Proxy manually by typing
/etc/init.d/fspms {start|stop|restart|status} .
Check the client updates in the PMP logs:
In Linux:
/var/opt/f-secure/fspms/logs
In Windows:
<installation_directory>/F-Secure/Management Server 5/logs
What the logs mean:
Log
Explanation
request.log
This log lists the requests received
from the clients with a response status; for example, a 503 status, means the
update is not downloaded from GUTS2 yet, please try again later.
fspms-serve-updates.log
This log lists what was asked by
clients. If some updates are missing and requests are received from the client
end with a 503 status, the reasons for this are written in this log.
fspms-download-updates.log
This log lists the downloads from
GUTS2.
Configure a Computer Protection profile to use the PMP:
Go to
Profiles > Computer
Protection for Windows tab.
Select the profile that needs modifying, then under
General settings find the
F-Secure Endpoint Proxy setting.
This setting represents the local server address set in step
1. Once this profile is assigned to the computer, it can also be verified on
the client.
Open the client, then click
Tools > Check for
updates > View Details.
When the
Check for updates window opens, click the
View details link.
In
Common
settings > Updates, in the
Update server field (with a PMP address
value), check the address, then click
Check now.
The check should execute without any errors.
Note: The Policy Manager Proxy uses port 80 by default. Make
sure this is not blocked by the Windows firewall.
... View more

Products affected: PSB Freedome for Business, Android 8.0 and later. Problem: The method that the F-Secure Device Agent uses to broadcast the activation token to the Freedome application is no longer supported by Android 8.0 and upwards. An updated version of the Management Agent will be developed to correct this. Visible effects: Freedome for Business installs, but will not activate its subscription. The subcriptions page in the application shows "initializing". In the PSB portal, the device is listed as "Managed" with an amber indicator. Workaround: There is no workaround for this issue yet. ETA: Fix was released on December 27, 2018. PSB2 and PSB3 installations are working. However, we are still investigating the PSB1 installation issue. Internal reference: CSBP-16894
... View more

This article in other languages: Finnish, German.
Due to changes in Google's User Data and
Permissions policies in October 2018, some of the features currently supported
in F-Secure SAFE for Android and Mobile Security for Android can no longer be
offered and others will be changed to comply with the new policy.
The discontinuation and removal of these features from our software has
been unavoidable to ensure that we can continue offering our software in Google
Play.
The features affected are:
Call blocker: This
feature has been removed completely. It is no longer visible in the user
interface, and calls will no longer be blocked.
Report SIM change:
This feature has been removed completely. It is no longer supported.
SMS-based Antitheft
as a feature of Mobile Security for Android: As the SMS-based Antitheft feature
uses SMS permissions, this feature has been removed and is no longer available.
Note: We urge customers with Mobile Security for Android to move to
F-Secure SAFE. F-Secure SAFE offers
Antitheft capabilities as https-based Finder, which is managed through a
management portal.
These changes will be visible as soon as
version 17.6 has been published in Google Play.
For more information, see
Google’s policy change.
... View more

Symptoms
When logging in as an admin to the PSB portal, I see a red
notification banner on the PSB home page with a link to view affected accounts.
What does this mean?
Diagnosis
This banner is notifying you of user account conflicts, which have
been identified in the process of unifying our authentication system for
F-Secure business-related accounts, such as, Protection Service for Business
(PSB) and Rapid Detection and Response (RDR), Partner Portal 2 (PP2), and Rapid
Detection and Response Service (RDS).
While setting up the new authentication system, we have migrated
existing accounts to the new authentication system; however, during this
migration process, certain usernames now conflict with accounts using the same
username or email (if the username is in email format) in the new system.
Possible causes of these conflicts are:
There are possible
multiple accounts in the same PSB instance.
A similar name was used in
another account.
Another service is in use
in the new authentication system.
An account was deleted in
the PSB, but has not been deleted in the F-Secure Business Account.
The number of user accounts affected is relatively small; however,
these accounts can no longer be used.
Solution
To resolve account conflicts:
Click on the link in the red banner.
You are directed to the
Conflicts tab under
Accounts.
In the list, click on the login name affected and then on the
email activation link.
The admin receives an email to activate a new user with a new user
name that the PSB created automatically. Alternatively, you can create a new
account for this user.
Once the user has created a new login, delete the old user to
clear up the conflict warning.
Note: If an admin does not access the PSB portal using a certain
account, the user account can simply be deleted.
Related information
New PSB login flow and two-factor authentication setup
In the PSB portal, why do some email addresses have a plus
sign?
... View more

The RDS portal user can configure daily, weekly and monthly reports
on detections perceived in the monitored IT environment. The reports contain
information about detections, sensors and the threat intelligence from public
honeypots.
Each report includes an overview page showing the trend for all
detections in different detection states (Confirmed, Unconfirmed and False
Positive), and a summary of all Endpoint, Network and Honeypot sensor
detections reported by the Rapid Detection and Response Center (RDC) analysts
during the reporting period. Also, the amount of sensors that have been seen
online during the past 24 hours, 7 days or 30 days is included in the reports.
Attention: Reports include potentially sensitive
information, such as hostnames and detection descriptions, so bear this aspect
in mind before sharing downloaded reports as email attachments.
Reports are downloaded from the portal and portal users can create as
many scheduled reports as they need.
To create a new report:
Click the
Add new link to open the
Scheduled report setup page.
Type in the report name (for example, Weekly report).
Select how often you want to schedule the report. By default, the
frequency is "Weekly".
Select the timezone used.
This setting affects the data included in the report. It also
determines the dates and times used in the report.
Select the content you want included in the report. By default,
all the predefined content is included.
Click
Save.
Table 1. More about scheduled reports
Type of report
When available
Length stored
Daily report
The following day
Two weeks
Weekly report
Mondays for the previous week
Two months
Monthly report
1st day of the month for the previous month
Six months
Each report also contains a section "How to read this report", which
helps in reading and understanding the RDS report.
... View more

Products affected: Freedome for Business, iOS devices Problem: Freedome for Business fails to install properly. Visible effects: The F-Secure Freedome VPN app icon is grayed out on your devices. Workaround: After installation fails: 1. Go to Apple's App Store and find F-Secure Freedome VPN. On the F-Secure Freedome VPN page, there is a stop icon (circle with a square inside). 2. Exit the App Store and go back to the home screen on your iOS device. 3. Delete the F-Secure Freedome VPN app. 4. Go back to the App Store and the F-Secure Freedome VPN page. The stop icon should have been changed to a cloud icon with a downward arrow.
5. Click the arrow icon.
Freedome is now downloaded correctly to your iOS device.
For more information, here's the workaround as a video. ETA: Fixed in version 2.8.4.6381 on Nov 8, 2018.
Internal reference: CSBP-15947
... View more

If installing the sensor does not succeed, follow
these steps to troubleshoot:
Check that the
sensor.conf file is copied to the correct
location and has the correct privileges, and then rerun the installation.
Check the system logs for general errors (messages starting with
the
sensord prefix):
sudo cat /var/log/system.log | grep sensord
Check your configuration
Check the firewall
rules for outbound connections.
Check that the proxy
settings are correct.
Check that the
sensor.conf file exists.
... View more

Note: If the operating system is Windows 7 or Windows 2008 R2, verify
that the KB3033929 Microsoft Security Patch is installed before you install the
sensor.
The Windows sensor does not install and the
following message appears:
Service 'F-Secure ATP' (fsatps) failed to start. Verify that you have sufficient privileges to start system services
Follow these steps to troubleshoot:
Make sure that you run the installation as an administrator.
Check the digital signature of the binary:
Right-click
fsatpl.exe (the file is located under
%ProgramFiles%\F-Secure\ATP ), and select
Properties > Digital
Signatures.
In the Signature list, select
F-Secure Corporation and click
<Details>.
The dialog that opens should say
The digital signature is OK. If this
message is not shown, install the certificates as described below.
Check that the following certificates are installed in the system
and are valid:
DigiCert High
Assurance EV Root CA
Digicert Assured ID
Root CA
To check these certificates:
Open the Certificate
Management console. You can find this by searching for
certificate in Windows Control Panel.
Go to
Trusted Root Certification
Authorities > Certificates.
Check that both
certificates are listed.
If they are not
available or have expired, download them from:
https://www.digicert.com/digicert-root-certificates.htm
... View more

To collect the client's database and diagnostic information, do as
follows:
Run the following command via an administrative shell to stop the
service if it is running:
net stop "F-Secure ATP"
Navigate to the
C:\ProgramData\F-Secure\ATP\pstor folder and
collect its content.
The folder requires administrative privileges to access.
Run the included diagnostics tool that is located in the
installation directory to collect the RDS sensor diagnostic information:
"c:\Program Files\F-Secure\ATP\fsdiag.exe"
The tool requires administrator privileges to collect all the
required information.
After the tool has collected the information, it creates an
fsdiag.7z file on the desktop.
Note: If you need to save the file in another directory that
already exists, use the -out parameter:
"c:\Program Files\F-Secure\ATP\fsdiag.exe" -out c:\diag_folder\fsdiag.7z
Run the following command via an administrative shell after you
have collected all the data:
net start "F-Secure ATP"
... View more

Use the diagnostics tool included in the product to collect diagnostic
information as follows:
Run the following command:
/usr/local/f-secure-rds/fsdiag.sh.
The diagnostics tool generates an encrypted diagnostic file
fsdiag.tar.gz.enc .
... View more

Use the diagnostics tool included in the product to collect diagnostic
information as follows:
Run the following command:
/etc/f-secure/atp/diag.sh
The diagnostics tool generates an encrypted diagnostic file
diag.tar.gz.gpg .
... View more

The RDS Windows sensor supports several approaches
to configuring proxy information.
If multiple configurations exist, they are evaluated in the following
order:
Sensor-specific proxy
You can route the traffic through a specific proxy that you define
during installation.
System-defined proxy
The sensor reads the WinHTTP proxy set by the netsh Windows utility.
You can find detailed instructions for this utility online.
Automatically discovered
proxy
The sensor uses the Web Proxy Auto-Discovery protocol (WPAD) to
determine the required proxy for connecting to the RDS backend.
... View more

With RDS, we classify two types of severity:
Incidents are
suspected breaches, which can consist of a single
high severity detection or several medium or low detections.
Detections can be
either
high,
medium, or
low.
The Rapid Detection and Response Service uses the
data, as well as our human expertise to respond to the severity in the
appropriate way. For example, we report on all detections in the portal and
send our customers email notification.
If a detection is elevated to an incident, we notify our customers by
phone, as well as providing them with the event data from the portal.
... View more

F-Secure Rapid Detection & Response Service
(RDS) is a managed intrusion detection and response service that combines the
best technology with the best security experts.
Advanced Persistent Threats (APT) and cyber threats are already an
extremely costly problem for companies. Defending against these attacks
requires both the latest technological solutions and the expertise to analyze
and understand the available data.
Rapid Detection & Response Service has been specifically designed to
meet the rapidly changing security landscape, where the commoditization of
attack tools and processes now allows cyber criminals to focus on individual
companies. By combining technology and experts, we are able to cut the time
from detection to response to a minimum and make it easy for customers to adopt
our service.
Detection is based on lightweight sensors - available for workstations
and servers (Windows, Mac, Linux) as well as networks (honeypots and network
sensors - passive network monitors) - that send all the collected data to our
security cloud. Saving the data from the sensors to our cloud allows us not
just to do real-time detection, but also to make detections based on applying
new rules to old data.
... View more

Operating system
The RDS Windows sensor supports both 32-bit and
64-bit platforms and is designed to run on both client and server versions of
the Microsoft Windows operating system.
Supported client operating systems:
Windows 7 (with
KB3033929)
Windows 8
Windows 8.1
Windows 10
Supported server operating systems:
Windows 2008 R2 (with
KB3033929)
Windows 2012
Windows 2012 R2
Windows 2016
Processor and memory
Given the lightweight nature of the RDS sensor, there are no
significant requirements regarding CPU and RAM; any machine capable of properly
running the supported versions of the operating system should be able to run
the client sensor without any noticeable impact.
Disk space
To optimize the data collection and ensure that no activity is lost
even when the machine is disconnected from the backend system, the RDS Windows
sensor uses a local database to store the data that it collects. The upper
limit for this local storage is 100 megabytes by default, meaning that any
machine with over 100 megabytes of free space is suitable for installation.
Note: The sensor and its database are stored on the primary partition
of the hard drive.
... View more

Operating system
The RDS Mac sensor supports the following
versions of the macOS operating systems:
macOS 10.13 (High Sierra)
macOS 10.12 (Sierra)
OS X 10.11 (El Capitan)
Processor
Given the lightweight nature of the RDS sensor, there are no
significant requirements regarding the CPU.
Memory
The RDS Mac sensor's performance relies heavily on RAM buffers. A
typical Mac sensor's RAM consumption is 20 MB, however in some rare
circumstances (for example, when the server is under high load or there is a
long network break), the sensor may use 100 MB of RAM.
Disk space
Typically, disk space usage is less than 20 MB.
... View more

Operating system
The RDS Linux sensor is designed to run on any
recent major version of the following 64-bit (amd64) linux distributions.
Note: Containers are not supported.
Supported operating systems:
CentOS 6
CentOS 7
RHEL 6
RHEL 7
AMI Linux
Debian 7
Debian 8
Ubuntu 16.04
Processor
Given the lightweight nature of the RDS sensor, there are no
significant requirements regarding the CPU; any machine capable of properly
running the supported versions of the operating system should be able to run
the client sensor without any noticeable impact.
Memory
The RDS Linux sensor's performance relies heavily on RAM buffers. A
typical Linux sensor's RAM consumption is 100 MB, however in some rare
circumstances (for example, when the server is under high load or there is a
long network break), the sensor may use 500 MB of RAM.
Disk space
Typically, disk space usage is less than 20 MB.
... View more

When an update to the RDS sensors is available, F-Secure notifies your
organization.
The notification includes a changelog, as well as instructions on how to
retrieve the updated package. Testing of the updated package should proceed as
described for manual installation.
To update the sensors, install the new package over the existing
installation, exactly as if it was a completely new installation. This means
that you do not have to uninstall anything or perform any other cleanup tasks.
No restart is required.
... View more

Symptoms
After the firmware update in version 1.7.104.20, port forwarding rules
are not working.
Diagnosis
This issue is due to the recent enablement of the multicasting
functionality in firmware version 1.7.104.20, which causes user-defined port
forwarding rules to be overwritten by a new IP table rule.
Solution
Set up port forwarding
rules again.
Please refer to this
article on how to set port forwarding.
... View more

Hi @martink,
Thanks for your comments regarding the Kuluttaja test. Here is the response from our product team, who emphasize that our product highlights the security and privacy aspects.
"F-Secure KEY complements F-Secure's internet security products by offering basic password management capabilities built with industry-leading security. F-Secure KEY is a secure storage for passwords, PIN codes and other pieces of personal information.
Our focus has been on security and privacy aspects in order to make sure your passwords and other data are not compromised. KEY has been designed to help create unique high quality passwords and store them securely, while guiding towards better password practices.
Naturally, we continue developing KEY further, so now is a great opportunity to share your views about which other benefits you value in addition to security and privacy."
I hope this helps to answer your question.
... View more

With a TOTAL subscription, the number of KEY licenses is determined by
your TOTAL subscription. For example, if your TOTAL subscription covers 5
devices, this means five different users can use KEY on their devices. These
five users can then sync their passwords with an unlimited number of devices.
Related information
What is F-Secure KEY?
What is an F-Secure KEY Master Password?
F-Secure KEY in a nutshell
How does F-Secure TOTAL licensing work?
... View more

This article in other languages: Finnish, Swedish, Danish, Norwegian, German, French, Italian, Japanese, Dutch, Polish.
This article only applies to you if you have an F-Secure TOTAL
subscription.
With TOTAL, you can order your SENSE router in the following countries:
Austria
Belgium
Denmark
Finland
France
Germany
Netherlands
Norway
Sweden
United Kingdom
United States
Related information
How do I order a SENSE router after purchasing F-Secure TOTAL?
... View more

This article in other languages: Finnish, Swedish, Danish, Norwegian, German, French, Italian, Dutch.
F-Secure TOTAL now comes with SENSE home protection. If you have
purchased TOTAL, you first need to buy the SENSE router to take your home
protection into use. You can do this as follows:
Log in to your
My F-Secure account.
Go to
Orders and Payments.
Next to F-Secure SENSE, select
Buy.
This takes you to the shopping cart.
In
Order information, check (and update if
needed) your shipping and payment details, then select
Buy now.
Your order is processed and a confirmation email is sent to
you with tracking details.
Note: Your SENSE router will be delivered by courier. Therefore,
please double-check and modify if all the pre-filled and payment details are
needed in order for you to receive the parcel successfully.
Related information
I already have SENSE. Can I add it to my TOTAL subscription?
How does F-Secure TOTAL licensing work?
... View more